Commit 6cdbc28

Add Generate A SAML Key And Certificate Pair as a unix til
1 parent db47fe8 commit 6cdbc28

2 files changed

+29
-1
lines changed

README.md

Lines changed: 2 additions & 1 deletion
@@ -10,7 +10,7 @@ pairing with smart people at Hashrocket.
1010

1111
For a steady stream of TILs, [sign up for my newsletter](https://tinyletter.com/jbranchaud).
1212

13-
_1052 TILs and counting..._
13+
_1053 TILs and counting..._
1414

1515
---
1616

@@ -990,6 +990,7 @@ _1052 TILs and counting..._
990990
- [Find Newer Files](unix/find-newer-files.md)
991991
- [Fix Unlinked Node Binaries With asdf](unix/fix-unlinked-node-binaries-with-asdf.md)
992992
- [Forward Multiple Ports Over SSH](unix/forward-multiple-ports-over-ssh.md)
993+
- [Generate A SAML Key And Certificate Pair](unix/generate-a-saml-key-and-certificate-pair.md)
993994
- [Get Matching Filenames As Output From Grep](unix/get-matching-filenames-as-output-from-grep.md)
994995
- [Get The Unix Timestamp](unix/get-the-unix-timestamp.md)
995996
- [Global Substitution On The Previous Command](unix/global-substitution-on-the-previous-command.md)
Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
# Generate A SAML Key And Certificate Pair
2+
3+
The `openssl` utility can be used to generate a SAML (Security Assertion Markup
4+
Language) key pair which consists of a public certificate and a private key.
5+
6+
```bash
7+
openssl req -new -x509 -days 365 -nodes -sha256 \
8+
-out saml.crt \
9+
-keyout saml.key
10+
```
11+
12+
> The req command primarily creates and processes certificate requests in
13+
> PKCS#10 format. It can additionally create self-signed certificates, for use
14+
> as root CAs, for example.
15+
16+
The flags to `req` are as follows:
17+
- `-new` for a new certificate (cert) request
18+
- `-x509` to output a self-signed cert instead of a cert request
19+
- `-days 365` for a year-long cert
20+
- `-nodes` to not encrypt the private key
21+
- `-sha256` is the digest algorithm for signing the cert
22+
- `-out saml.crt` specifies the certificate output file
23+
- `-keyout saml.key` specifies the private key output file
24+
25+
See `man openssl` and search for `openssl req` for more details.
26+
27+
[source](https://www.lightsaml.com/LightSAML-Core/Cookbook/How-to-generate-key-pair/)
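
Review bot: The `-nodes` bullet (new file line 20) states that the private key is written unencrypted, but the TIL never says how `saml.key` should be handled afterwards. Add a sentence telling the reader to restrict the file (for example `chmod 600 saml.key`) and keep it out of version control, or drop `-nodes` so `openssl` prompts for a passphrase. The command on lines 7-9 also has no `-newkey`, so the key type and size fall back to whatever the local OpenSSL configuration defaults to; writing it explicitly (for example `-newkey rsa:2048`) makes the result the same on every machine. On OpenSSL 3.0 and later `-nodes` is deprecated in favour of `-noenc`, which is worth noting beside the bullet. With `-days 365` the cert expires after a year, so a line reminding the reader that it has to be regenerated and re-exchanged before then would help. Finally, the blockquote on lines 12-14 has no attribution; say that it is quoted from the `openssl req` documentation.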
